public inbox for gentoo-commits@lists.gentoo.org
 help / color / mirror / Atom feed
From: "Sven Vermeulen" <swift@gentoo.org>
To: gentoo-commits@lists.gentoo.org
Subject: [gentoo-commits] proj/hardened-refpolicy:swift commit in: policy/modules/contrib/
Date: Thu, 18 Jan 2018 16:15:42 +0000 (UTC)	[thread overview]
Message-ID: <1513228180.5e18d3eb437717c6ad25e614c617b0cad5700879.swift@gentoo> (raw)

commit:     5e18d3eb437717c6ad25e614c617b0cad5700879
Author:     Chris PeBenito <pebenito <AT> ieee <DOT> org>
AuthorDate: Wed Dec 13 23:55:43 2017 +0000
Commit:     Sven Vermeulen <swift <AT> gentoo <DOT> org>
CommitDate: Thu Dec 14 05:09:40 2017 +0000
URL:        https://gitweb.gentoo.org/proj/hardened-refpolicy.git/commit/?id=5e18d3eb

Replace deprecated mmap perm sets and pattern usage.

 policy/modules/contrib/apache.te    | 2 +-
 policy/modules/contrib/cobbler.te   | 2 +-
 policy/modules/contrib/dpkg.te      | 2 +-
 policy/modules/contrib/firewalld.te | 2 +-
 policy/modules/contrib/ftp.if       | 2 +-
 policy/modules/contrib/gnome.if     | 2 +-
 policy/modules/contrib/pingd.te     | 2 +-
 policy/modules/contrib/portage.te   | 2 +-
 policy/modules/contrib/postfix.te   | 4 ++--
 policy/modules/contrib/prelink.te   | 6 +++---
 policy/modules/contrib/samba.te     | 2 +-
 policy/modules/contrib/ulogd.te     | 2 +-
 12 files changed, 15 insertions(+), 15 deletions(-)

diff --git a/policy/modules/contrib/apache.te b/policy/modules/contrib/apache.te
index d28f4c2f..be12966a 100644
--- a/policy/modules/contrib/apache.te
+++ b/policy/modules/contrib/apache.te
@@ -415,7 +415,7 @@ read_lnk_files_pattern(httpd_t, httpd_log_t, httpd_log_t)
 logging_log_filetrans(httpd_t, httpd_log_t, file)
 
 allow httpd_t httpd_modules_t:dir list_dir_perms;
-mmap_files_pattern(httpd_t, httpd_modules_t, httpd_modules_t)
+mmap_exec_files_pattern(httpd_t, httpd_modules_t, httpd_modules_t)
 read_files_pattern(httpd_t, httpd_modules_t, httpd_modules_t)
 read_lnk_files_pattern(httpd_t, httpd_modules_t, httpd_modules_t)
 

diff --git a/policy/modules/contrib/cobbler.te b/policy/modules/contrib/cobbler.te
index 6177ef41..a3a4453a 100644
--- a/policy/modules/contrib/cobbler.te
+++ b/policy/modules/contrib/cobbler.te
@@ -72,7 +72,7 @@ allow cobblerd_t cobbler_etc_t:dir list_dir_perms;
 allow cobblerd_t cobbler_etc_t:file read_file_perms;
 allow cobblerd_t cobbler_etc_t:lnk_file read_lnk_file_perms;
 
-allow cobblerd_t cobbler_tmp_t:file mmap_file_perms;
+allow cobblerd_t cobbler_tmp_t:file mmap_exec_file_perms;
 manage_dirs_pattern(cobblerd_t, cobbler_tmp_t, cobbler_tmp_t)
 manage_files_pattern(cobblerd_t, cobbler_tmp_t, cobbler_tmp_t)
 files_tmp_filetrans(cobblerd_t, cobbler_tmp_t, { dir file })

diff --git a/policy/modules/contrib/dpkg.te b/policy/modules/contrib/dpkg.te
index e165fec3..0ff59b94 100644
--- a/policy/modules/contrib/dpkg.te
+++ b/policy/modules/contrib/dpkg.te
@@ -84,7 +84,7 @@ manage_sock_files_pattern(dpkg_t, dpkg_tmpfs_t, dpkg_tmpfs_t)
 manage_fifo_files_pattern(dpkg_t, dpkg_tmpfs_t, dpkg_tmpfs_t)
 fs_tmpfs_filetrans(dpkg_t, dpkg_tmpfs_t, { dir file lnk_file sock_file fifo_file })
 
-allow dpkg_t dpkg_var_lib_t:file mmap_file_perms;
+allow dpkg_t dpkg_var_lib_t:file mmap_exec_file_perms;
 manage_files_pattern(dpkg_t, dpkg_var_lib_t, dpkg_var_lib_t)
 files_var_lib_filetrans(dpkg_t, dpkg_var_lib_t, dir)
 

diff --git a/policy/modules/contrib/firewalld.te b/policy/modules/contrib/firewalld.te
index 2c930fe5..aa1c637d 100644
--- a/policy/modules/contrib/firewalld.te
+++ b/policy/modules/contrib/firewalld.te
@@ -47,7 +47,7 @@ logging_log_filetrans(firewalld_t, firewalld_var_log_t, file)
 
 manage_files_pattern(firewalld_t, firewalld_tmp_t, firewalld_tmp_t)
 files_tmp_filetrans(firewalld_t, firewalld_tmp_t, file)
-allow firewalld_t firewalld_tmp_t:file mmap_file_perms;
+allow firewalld_t firewalld_tmp_t:file mmap_exec_file_perms;
 
 manage_dirs_pattern(firewalld_t, firewalld_var_run_t, firewalld_var_run_t)
 manage_files_pattern(firewalld_t, firewalld_var_run_t, firewalld_var_run_t)

diff --git a/policy/modules/contrib/ftp.if b/policy/modules/contrib/ftp.if
index 349d1b3b..3bfe581d 100644
--- a/policy/modules/contrib/ftp.if
+++ b/policy/modules/contrib/ftp.if
@@ -53,7 +53,7 @@ interface(`ftp_check_exec',`
 	')
 
 	corecmd_search_bin($1)
-	allow $1 ftpd_exec_t:file mmap_file_perms;
+	allow $1 ftpd_exec_t:file mmap_exec_file_perms;
 ')
 
 ########################################

diff --git a/policy/modules/contrib/gnome.if b/policy/modules/contrib/gnome.if
index 8ed95ee2..8b27d15a 100644
--- a/policy/modules/contrib/gnome.if
+++ b/policy/modules/contrib/gnome.if
@@ -805,5 +805,5 @@ interface(`gnome_mmap_gstreamer_orcexec',`
 		type gstreamer_orcexec_t;
 	')
 
-	allow $1 gstreamer_orcexec_t:file mmap_file_perms;
+	allow $1 gstreamer_orcexec_t:file mmap_exec_file_perms;
 ')

diff --git a/policy/modules/contrib/pingd.te b/policy/modules/contrib/pingd.te
index 8dad7633..e20b15f8 100644
--- a/policy/modules/contrib/pingd.te
+++ b/policy/modules/contrib/pingd.te
@@ -30,7 +30,7 @@ allow pingd_t self:rawip_socket create_socket_perms;
 allow pingd_t pingd_etc_t:file read_file_perms;
 
 read_files_pattern(pingd_t, pingd_modules_t, pingd_modules_t)
-mmap_files_pattern(pingd_t, pingd_modules_t, pingd_modules_t)
+mmap_exec_files_pattern(pingd_t, pingd_modules_t, pingd_modules_t)
 
 corenet_all_recvfrom_unlabeled(pingd_t)
 corenet_all_recvfrom_netlabel(pingd_t)

diff --git a/policy/modules/contrib/portage.te b/policy/modules/contrib/portage.te
index 5905d4dc..067afc97 100644
--- a/policy/modules/contrib/portage.te
+++ b/policy/modules/contrib/portage.te
@@ -103,7 +103,7 @@ read_files_pattern(gcc_config_t, portage_conf_t, portage_conf_t)
 allow gcc_config_t portage_ebuild_t:dir list_dir_perms;
 read_files_pattern(gcc_config_t, portage_ebuild_t, portage_ebuild_t)
 
-allow gcc_config_t portage_exec_t:file mmap_file_perms;
+allow gcc_config_t portage_exec_t:file mmap_exec_file_perms;
 
 kernel_read_system_state(gcc_config_t)
 kernel_read_kernel_sysctls(gcc_config_t)

diff --git a/policy/modules/contrib/postfix.te b/policy/modules/contrib/postfix.te
index 383be1fc..eba65a15 100644
--- a/policy/modules/contrib/postfix.te
+++ b/policy/modules/contrib/postfix.te
@@ -120,7 +120,7 @@ allow postfix_domain postfix_etc_t:lnk_file read_lnk_file_perms;
 
 allow postfix_domain postfix_master_t:file read_file_perms;
 
-allow postfix_domain postfix_exec_t:file { mmap_file_perms lock };
+allow postfix_domain postfix_exec_t:file { mmap_exec_file_perms lock };
 
 allow postfix_domain postfix_master_t:process sigchld;
 
@@ -217,7 +217,7 @@ allow postfix_master_t postfix_data_t:file manage_file_perms;
 
 allow postfix_master_t postfix_keytab_t:file read_file_perms;
 
-allow postfix_master_t postfix_map_exec_t:file { mmap_file_perms ioctl lock };
+allow postfix_master_t postfix_map_exec_t:file { mmap_exec_file_perms ioctl lock };
 
 allow postfix_master_t { postfix_postdrop_exec_t postfix_postqueue_exec_t }:file getattr_file_perms;
 

diff --git a/policy/modules/contrib/prelink.te b/policy/modules/contrib/prelink.te
index db7d5974..43276472 100644
--- a/policy/modules/contrib/prelink.te
+++ b/policy/modules/contrib/prelink.te
@@ -53,10 +53,10 @@ append_files_pattern(prelink_t, prelink_log_t, prelink_log_t)
 read_lnk_files_pattern(prelink_t, prelink_log_t, prelink_log_t)
 logging_log_filetrans(prelink_t, prelink_log_t, file)
 
-allow prelink_t prelink_tmp_t:file { manage_file_perms mmap_file_perms relabel_file_perms execmod };
+allow prelink_t prelink_tmp_t:file { manage_file_perms mmap_exec_file_perms relabel_file_perms execmod };
 files_tmp_filetrans(prelink_t, prelink_tmp_t, file)
 
-allow prelink_t prelink_tmpfs_t:file { manage_file_perms mmap_file_perms relabel_file_perms execmod };
+allow prelink_t prelink_tmpfs_t:file { manage_file_perms mmap_exec_file_perms relabel_file_perms execmod };
 fs_tmpfs_filetrans(prelink_t, prelink_tmpfs_t, file)
 
 manage_dirs_pattern(prelink_t, prelink_var_lib_t, prelink_var_lib_t)
@@ -64,7 +64,7 @@ manage_files_pattern(prelink_t, prelink_var_lib_t, prelink_var_lib_t)
 relabel_files_pattern(prelink_t, prelink_var_lib_t, prelink_var_lib_t)
 files_var_lib_filetrans(prelink_t, prelink_var_lib_t, { dir file })
 
-allow prelink_t prelink_object:file { manage_file_perms mmap_file_perms relabel_file_perms };
+allow prelink_t prelink_object:file { manage_file_perms mmap_exec_file_perms relabel_file_perms };
 
 kernel_read_system_state(prelink_t)
 kernel_read_kernel_sysctls(prelink_t)

diff --git a/policy/modules/contrib/samba.te b/policy/modules/contrib/samba.te
index 78af52df..58dc60fb 100644
--- a/policy/modules/contrib/samba.te
+++ b/policy/modules/contrib/samba.te
@@ -763,7 +763,7 @@ manage_files_pattern(swat_t, samba_var_t, samba_var_t)
 manage_lnk_files_pattern(swat_t, samba_var_t, samba_var_t)
 files_var_filetrans(swat_t, samba_var_t, dir, "samba")
 
-allow swat_t smbd_exec_t:file mmap_file_perms ;
+allow swat_t smbd_exec_t:file mmap_exec_file_perms ;
 
 allow swat_t { winbind_t smbd_t }:process { signal signull };
 

diff --git a/policy/modules/contrib/ulogd.te b/policy/modules/contrib/ulogd.te
index ef4c5fa4..18779e5d 100644
--- a/policy/modules/contrib/ulogd.te
+++ b/policy/modules/contrib/ulogd.te
@@ -35,7 +35,7 @@ allow ulogd_t self:tcp_socket create_stream_socket_perms;
 read_files_pattern(ulogd_t, ulogd_etc_t, ulogd_etc_t)
 
 list_dirs_pattern(ulogd_t, ulogd_modules_t, ulogd_modules_t)
-mmap_files_pattern(ulogd_t, ulogd_modules_t, ulogd_modules_t)
+mmap_exec_files_pattern(ulogd_t, ulogd_modules_t, ulogd_modules_t)
 
 append_files_pattern(ulogd_t, ulogd_var_log_t, ulogd_var_log_t)
 create_files_pattern(ulogd_t, ulogd_var_log_t, ulogd_var_log_t)


             reply	other threads:[~2018-01-18 16:16 UTC|newest]

Thread overview: 130+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2018-01-18 16:15 Sven Vermeulen [this message]
  -- strict thread matches above, loose matches on Subject: below --
2018-01-18 16:15 [gentoo-commits] proj/hardened-refpolicy:swift commit in: policy/modules/contrib/ Sven Vermeulen
2018-01-18 16:15 Sven Vermeulen
2018-01-18 16:15 Sven Vermeulen
2018-01-18 16:15 Sven Vermeulen
2018-01-18 16:15 Sven Vermeulen
2018-01-18 16:15 Sven Vermeulen
2018-01-18 16:15 Sven Vermeulen
2018-01-18 16:15 Sven Vermeulen
2018-01-18 16:15 Sven Vermeulen
2018-01-18 16:15 Sven Vermeulen
2018-01-18 16:15 Sven Vermeulen
2018-01-18 16:15 Sven Vermeulen
2017-05-18 17:03 [gentoo-commits] proj/hardened-refpolicy:master " Sven Vermeulen
2017-05-18 17:02 ` [gentoo-commits] proj/hardened-refpolicy:swift " Sven Vermeulen
2017-05-18 17:03 [gentoo-commits] proj/hardened-refpolicy:master " Sven Vermeulen
2017-05-18 17:02 ` [gentoo-commits] proj/hardened-refpolicy:swift " Sven Vermeulen
2017-05-18 17:03 [gentoo-commits] proj/hardened-refpolicy:master " Sven Vermeulen
2017-05-18 17:02 ` [gentoo-commits] proj/hardened-refpolicy:swift " Sven Vermeulen
2017-05-18 17:03 [gentoo-commits] proj/hardened-refpolicy:master " Sven Vermeulen
2017-05-18 17:02 ` [gentoo-commits] proj/hardened-refpolicy:swift " Sven Vermeulen
2017-05-18 17:02 Sven Vermeulen
2017-05-18 17:02 Sven Vermeulen
2017-05-18 16:54 Sven Vermeulen
2017-05-18 16:54 Sven Vermeulen
2017-05-18 16:54 Sven Vermeulen
2017-05-18 16:54 Sven Vermeulen
2017-05-18 16:54 Sven Vermeulen
2017-05-18 16:54 Sven Vermeulen
2017-05-18 16:54 Sven Vermeulen
2017-05-18 16:54 Sven Vermeulen
2017-05-18 16:54 Sven Vermeulen
2017-05-18 16:54 Sven Vermeulen
2017-05-18 16:54 Sven Vermeulen
2017-05-18 16:54 Sven Vermeulen
2017-05-18 16:54 Sven Vermeulen
2016-10-24 16:56 [gentoo-commits] proj/hardened-refpolicy:master " Sven Vermeulen
2016-10-24 16:47 ` [gentoo-commits] proj/hardened-refpolicy:swift " Sven Vermeulen
2016-10-24 16:03 [gentoo-commits] proj/hardened-refpolicy:next " Sven Vermeulen
2016-10-24 16:02 ` [gentoo-commits] proj/hardened-refpolicy:swift " Sven Vermeulen
2016-10-24 16:02 Sven Vermeulen
2016-10-24 16:02 Sven Vermeulen
2016-10-24 16:02 Sven Vermeulen
2016-10-24 16:02 [gentoo-commits] proj/hardened-refpolicy:master " Sven Vermeulen
2016-10-24 16:02 ` [gentoo-commits] proj/hardened-refpolicy:swift " Sven Vermeulen
2016-10-24 15:45 Sven Vermeulen
2016-10-24 15:45 Sven Vermeulen
2016-10-24 15:45 Sven Vermeulen
2016-10-24 15:45 Sven Vermeulen
2016-10-24 15:45 Sven Vermeulen
2016-10-24 15:45 Sven Vermeulen
2016-10-24 15:45 Sven Vermeulen
2016-10-24 15:45 Sven Vermeulen
2016-10-24 15:45 Sven Vermeulen
2016-10-24 15:45 Sven Vermeulen
2016-10-24 15:45 Sven Vermeulen
2016-10-24 15:45 Sven Vermeulen
2016-10-24 15:45 Sven Vermeulen
2016-10-24 15:45 Sven Vermeulen
2016-10-24 15:45 Sven Vermeulen
2016-10-24 15:45 Sven Vermeulen
2016-10-24 15:45 Sven Vermeulen
2016-07-03 11:34 Sven Vermeulen
2016-07-03 11:34 Sven Vermeulen
2016-07-03 11:34 Sven Vermeulen
2016-07-03 11:34 Sven Vermeulen
2016-07-03 11:34 Sven Vermeulen
2016-07-03 11:34 Sven Vermeulen
2016-07-03 11:34 Sven Vermeulen
2016-07-03 11:34 Sven Vermeulen
2016-07-03 11:34 Sven Vermeulen
2016-07-03 11:34 Sven Vermeulen
2016-07-03 11:34 Sven Vermeulen
2016-07-03 11:34 Sven Vermeulen
2016-07-03 11:34 Sven Vermeulen
2016-07-03 11:33 [gentoo-commits] proj/hardened-refpolicy:master " Sven Vermeulen
2016-07-03 11:34 ` [gentoo-commits] proj/hardened-refpolicy:swift " Sven Vermeulen
2016-07-03 11:33 [gentoo-commits] proj/hardened-refpolicy:master " Sven Vermeulen
2016-07-03 11:34 ` [gentoo-commits] proj/hardened-refpolicy:swift " Sven Vermeulen
2016-07-03 11:33 [gentoo-commits] proj/hardened-refpolicy:master " Sven Vermeulen
2016-07-03 11:34 ` [gentoo-commits] proj/hardened-refpolicy:swift " Sven Vermeulen
2015-12-02 15:45 Sven Vermeulen
2015-12-02 15:45 Sven Vermeulen
2015-12-02 15:45 Sven Vermeulen
2015-12-02 15:45 Sven Vermeulen
2015-12-02 15:45 Sven Vermeulen
2015-12-02 15:45 Sven Vermeulen
2015-12-02 15:45 Sven Vermeulen
2015-12-02 15:45 Sven Vermeulen
2015-12-02 15:45 Sven Vermeulen
2015-12-02 15:45 Sven Vermeulen
2015-12-02 15:45 Sven Vermeulen
2015-10-10 12:11 Sven Vermeulen
2015-10-10 12:11 Sven Vermeulen
2015-10-10 12:11 Sven Vermeulen
2015-10-10 12:11 Sven Vermeulen
2015-10-10 12:11 Sven Vermeulen
2015-10-10 12:11 Sven Vermeulen
2015-10-10 12:11 Sven Vermeulen
2015-10-10 12:11 Sven Vermeulen
2015-10-10 12:11 Sven Vermeulen
2015-10-10 12:11 Sven Vermeulen
2015-10-10 12:11 Sven Vermeulen
2015-10-10 12:11 Sven Vermeulen
2015-10-10 12:11 Sven Vermeulen
2015-10-10 12:11 Sven Vermeulen
2015-10-10 12:11 Sven Vermeulen
2015-10-10 12:11 Sven Vermeulen
2015-07-13 17:35 Sven Vermeulen
2015-07-11 14:09 Sven Vermeulen
2015-07-11 14:09 Sven Vermeulen
2015-07-11 14:09 Sven Vermeulen
2015-07-11 14:09 Sven Vermeulen
2015-07-11 14:09 Sven Vermeulen
2015-07-11 14:09 Sven Vermeulen
2015-07-07 14:12 [gentoo-commits] proj/hardened-refpolicy:master " Sven Vermeulen
2015-07-11 14:09 ` [gentoo-commits] proj/hardened-refpolicy:swift " Sven Vermeulen
2015-06-27 15:03 [gentoo-commits] proj/hardened-refpolicy:master " Sven Vermeulen
2015-07-11 14:09 ` [gentoo-commits] proj/hardened-refpolicy:swift " Sven Vermeulen
2015-06-11 16:08 [gentoo-commits] proj/hardened-refpolicy:master " Sven Vermeulen
2015-06-11 16:04 ` [gentoo-commits] proj/hardened-refpolicy:swift " Sven Vermeulen
2015-06-11 16:04 Sven Vermeulen
2015-06-09 14:25 [gentoo-commits] proj/hardened-refpolicy:master " Sven Vermeulen
2015-06-11 16:04 ` [gentoo-commits] proj/hardened-refpolicy:swift " Sven Vermeulen
2015-06-09 13:59 [gentoo-commits] proj/hardened-refpolicy:master " Sven Vermeulen
2015-06-09 13:34 ` [gentoo-commits] proj/hardened-refpolicy:swift " Sven Vermeulen
2015-06-09 13:34 Sven Vermeulen
2015-06-09 13:34 Sven Vermeulen
2015-06-09 13:30 Sven Vermeulen
2015-06-09 13:24 Sven Vermeulen
2015-06-09 13:24 Sven Vermeulen
2015-06-09 13:24 Sven Vermeulen
2015-06-09 13:24 Sven Vermeulen
2015-06-09 13:24 Sven Vermeulen
2015-06-09 13:24 Sven Vermeulen
2015-06-09 13:24 Sven Vermeulen
2015-06-09 13:24 Sven Vermeulen
2015-06-09 13:24 Sven Vermeulen
2015-05-25 16:15 [gentoo-commits] proj/hardened-refpolicy:master " Sven Vermeulen
2015-06-09 13:24 ` [gentoo-commits] proj/hardened-refpolicy:swift " Sven Vermeulen
2015-05-16 11:31 [gentoo-commits] proj/hardened-refpolicy:master " Sven Vermeulen
2015-05-16 11:30 ` [gentoo-commits] proj/hardened-refpolicy:swift " Sven Vermeulen
2015-05-16 11:13 Sven Vermeulen
2015-05-15 13:47 [gentoo-commits] proj/hardened-refpolicy:master " Sven Vermeulen
2015-05-15 13:47 ` [gentoo-commits] proj/hardened-refpolicy:swift " Sven Vermeulen
2015-05-15 13:47 [gentoo-commits] proj/hardened-refpolicy:master " Sven Vermeulen
2015-05-15 13:27 ` [gentoo-commits] proj/hardened-refpolicy:swift " Sven Vermeulen
2015-05-15 13:47 [gentoo-commits] proj/hardened-refpolicy:master " Sven Vermeulen
2015-05-15 13:29 ` [gentoo-commits] proj/hardened-refpolicy:swift " Sven Vermeulen
2015-05-15 13:47 [gentoo-commits] proj/hardened-refpolicy:master " Sven Vermeulen
2015-05-15 13:27 ` [gentoo-commits] proj/hardened-refpolicy:swift " Sven Vermeulen

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=1513228180.5e18d3eb437717c6ad25e614c617b0cad5700879.swift@gentoo \
    --to=swift@gentoo.org \
    --cc=gentoo-commits@lists.gentoo.org \
    --cc=gentoo-dev@lists.gentoo.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox